Hi everyone Christopher Budd here.
I wanted to give you some information about the recent posting of proof of concept PERL script that claims to demonstrate a vulnerability in Excel’s processing of long links. As soon as we received these reports we immediately began an investigation into the posting. I wanted to let you know information we have based on that investigation.
First, I want to be clear that this proof of concept code and not an attack. We’re not aware of any attacks based on this code based on our work with our Microsoft Security Response Alliance partners.
Second, our investigation so far has shown that while the posting claims this is a vulnerability in Excel, it actually is a vulnerability in hlink.dll which is a Windows component that handles operations involving hyperlinks. Any attempt to exploit this vulnerability would require convincing a user to open a specially-crafted Excel document. The user would then also have to locate and click on a specially-crafted long link in that document. We have not found any way to attempt to exploit this vulnerability that involves simply opening a document: a user must locate a click a hyperlink in the document.
As a reminder, it’s important to make sure that you only accept and open files from a trusted source, as well as be careful what websites you visit.
It’s early into our investigation but we have our teams working hard on it. Once it’s complete, we’ll take the appropriate action to protect our customers based on our findings.
We’ll be closely monitoring the situation with our Microsoft Security Response Alliance partners for any changes. And, as always, we’ll provide updates through our blog as we have more information.
Christopher
*This posting is provided “AS IS” with no warranties, and confers no rights.*